What’s included

Features

patronus API

Feature List of our Web App Security Scanner

We can detect the following vulnerabilities (GET and POST HTTP methods are supported):

  • XSS (Cross Site Scripting) injection
  • SQL Injection (Database Injection)
  • OSCI (Operating system command injection)
  • File disclosure (LFI, RFI, …)
  • Payloads use path traversal and null-termination techniques
  • Known Vulnerability Detection (Exploit Check and Software Detection)
  • TLS / SSL Security Check
  • HTTP Security Header Analysis
  • Check for Subresource Integrity Hashes

General features:

  • Generates vulnerability reports in various formats (HTML, JSON)
  • Abort a running scan
  • Usable via API
  • Easy to integrate into any Pipeline
  • Fail Pipeline if issues are found
  • Supports SPA (Single Page Applications)
  • Cookie based login support via form submission

Additional features:

  • Detect anomalies such as 500 errors
  • HTML and JavaScript comment extraction
  • Detects several suspicious words and warns about missing recommended keywords
  • Automatically reduces false positives by retesting
  • Mark false positives manually to ignore them in future runs

Browsing features:

  • Possibility to set the first URL to explore
  • Several options to control the crawler behavior and limits

UI abstraction:

  • Command-line Interface
  • Web User Interface

Configuration options for the API:

  • Blacklists in URL
  • Crawler limit of documents
  • Type of requester: HTML-Only (fast), Full Browser (slower but supports Single Page Applications)
  • RequestsPerMinute
  • Login credentials
  • Payloads
  • ignoreIssues to mark findings as false positives
  • Projectname

Test Your Web Application

Ready to get started?

Create your account today and start testing your web applications within minutes.